Our current string-to-key for des3 makes no checks or corrections for weak keys. However, the key schedule generation code will return an error (after generating key schedules, but the error code *is* checked) if any of the three keys is weak. One of the two needs to be changed. The current crypto draft says we don't do weak-key checks, but that's because I looked at our string-to-key and not the key scheduling code. Heimdal does do weak key checking and correction. I'm going to suggest on the WG list that doing the check is the correct fix. Ken